Sujet Précédent Sujet Suivant

[Trojan] Infecté par Pipas. A

BenJ -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour à tous,

Avant tout ma config: Xp pro

J'ai été infecté il y a peu par un virus, que mon antivirus (Antivir) a supprimé. Lorsque je lance adaware une première fois, il me supprime toutes les cochonneries. Le 2e passage est clean.

Avec spybot, le 1er passage detecte Pipas. A, je supprime, je refait un scan, et il est à nouveau là...

Apres plusieurs recherches sur le net, je n'ai pas vraiment trouvé comment supprimer ce trojan [description ici: http://www.avira.com/fr/threats/TR_Pipas_A_details.html]

J'ai donc besoin de votre aide pour virer ce trojan! Quand je veux visiter une page web, par exemple je tappe: ccm.net, il me dirige une fois vers un site louche, encore une deuxieme fois, et la 3e fois est enfin ccm.
Je recois aussi des emails louches...

J'ai donc fait un rapport Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:53:32, on 23/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\iPodmini\bin\iPodService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ben\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dmrsj.exe] C:\WINDOWS\system32\dmrsj.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TheTurtle] D:\TheTrutle\TheTurtle\TheTurtle.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}: NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPodmini\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Voilà, votre aide me serait précieuse :) (si au passage il ya des truc inutiles a virer ;) )

BenJ
A voir également:

25 réponses

Précédent
  • 1
  • 2
Réponse 21 / 25
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

Le rapport est tout simple ;-)

Of course j'ai spybot :D et adaware aussi ;)

Tu as des bons logiciels lol

Ya des trucs que j'ai toujours eu, comme Active Desktop,et coolwwwserachgooglems.

Le probleme c est que tu as une ancienne version de spybot, alors procedes comme ceci stp:

Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
------------------------------------------------
Puis relance le et choisis option 3, accepte la suppression des fichiers de la zone de securité.

Relance spybot et regarde si c est clean.

Ensuite desinstalles spybot et installe la version récente:

Spybot S&D 1.4 (tu as la 1.3)
https://www.safer-networking.org/

Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

Scan ton pc avec, copie/colle le rapport.

Je ne voi plus PipasA ?!? Eradiqué ?

Of course !! :-D

Ah au fait, l'autre jour en redémarrant,Ewido m'a detecté le Trojan SMall, a proposé Clean+Quarantin,en ,j'ai fait oui. Eradiqué?

Si tu n as plus d alertes oui ! relance ewido par securité !

A+
;-)
0
Réponse 22 / 25
BenJ
 
slt. je pars en vacances 15 j, j'ai pas le temps de finir ça.
Je reposte dans 15J pour terminer:

merci bcp de ton aide

A+
0
Réponse 23 / 25
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut BenJ,

Pas de problemes, profites bien de tes vacances :-)

Et ramene nous des photos !!!!!lol

Allez, repose toi bien, tu vas ou?

a+
0
Réponse 24 / 25
BenJ
 
Me revoila :D.
J'étais à Lacanau avec des potes, en camping, sympa :)

Alors alors,

SmitFraudFix v2.75b

Rapport fait à 18:09:00.07, 14/08/2006
Executé à partir de C:\Documents and Settings\Ben\Bureau\Virus\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben\Application Data

C:\Documents and Settings\Ben\Application Data\Install.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ben\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Ma version 1.3 de spybot trouve Windows.ActiveDestkop..
Le rapport:

--- Search result list ---
Windows.ActiveDesktop: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

--- Spybot - Search && Destroy version: 1.3 ---
2006-07-14 Includes\Cookies.sbi
2006-07-14 Includes\Dialer.sbi
2006-07-14 Includes\Hijackers.sbi
2006-07-14 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2006-07-14 Includes\Malware.sbi
2006-07-14 Includes\PUPS.sbi
2006-07-14 Includes\Revision.sbi
2006-07-14 Includes\Security.sbi
2006-07-14 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-07-14 Includes\Trojans.sbi

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

--- Startup entries list ---
Located: HK_LM:Run, !ewido
command: "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized
file: C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe
size: 6283264
MD5: 10c40f37ac87a18f624143d4fe6e8dec

Located: HK_LM:Run, avgnt
command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
size: 233512
MD5: d05a80b5a605f8b8fb0915d1a4905471

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: ac116f16a7716a720a45d7ea47cfd983

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8778072a594e1310c0b7d0a93771e8bd

Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
file: C:\WINDOWS\Logi_MwX.Exe
size: 19968
MD5: e57163001c8a279ab6b1a06b5834a463

Located: HK_LM:Run, LogitechGalleryRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 188416
MD5: 3257a2a9e9943de93ee5438cb2e77359

Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 188416
MD5: 3257a2a9e9943de93ee5438cb2e77359

Located: HK_LM:Run, LogitechVideoTray
command: C:\Program Files\Logitech\Video\LogiTray.exe
file: C:\Program Files\Logitech\Video\LogiTray.exe
size: 65536
MD5: 66fa2cc087dfa905c22a7f83ff59c7dc

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
size: 190024
MD5: b787d9a60fee9c3732c2e2d4571bb716

Located: HK_LM:Run, MSO
command:

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, zBrowser Launcher
command: C:\Program Files\Logitech\iTouch\iTouch.exe
file: C:\Program Files\Logitech\iTouch\iTouch.exe
size: 631362
MD5: 535defd797d14dbc6edc4d746dc23d41

Located: HK_CU:Run, LogitechSoftwareUpdate
command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
file: C:\Program Files\Logitech\Video\ManifestEngine.exe
size: 196608
MD5: c1913a21cb3a7bf314641acf0a8f81c9

Located: HK_CU:Run, Skype
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 19543592
MD5: bb6d574b1913e9e1c1d1bc1e69dae29b

Located: HK_CU:Run, Spamihilator
command: "C:\Program Files\Spamihilator\spamihilator.exe"
file: C:\Program Files\Spamihilator\spamihilator.exe
size: 595968
MD5: 63c6e86d93bbb627875cb5dffe7f0ae1

Located: HK_CU:Run, Steam
command:

Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597d0075861cb0a6e6087752d205c0d

Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 169472
MD5: 91291ca1490f952d977618544d540b87

Located: Démarrage (tous utilisateurs), NETGEAR WPN111 Smart Wizard.lnk
command: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
file: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
size: 491606
MD5: 38a54162f6ef4bcc7b71b66bee3ab24a

Located: Démarrage (tous utilisateurs), Post-it® Software Notes Lite.lnk
command: C:\Program Files\3M\PSNLite\PsnLite.exe
file: C:\Program Files\3M\PSNLite\PsnLite.exe
size: 2080768
MD5: 49ad529f6ca9b4b847180e8f1af48e89

Located: Démarrage (utilisateur), Xfire.lnk
command: C:\Program Files\Xfire\Xfire.exe
file: C:\Program Files\Xfire\Xfire.exe
size: 4423760
MD5: 7de14201671067e570b96a7beb0b4928

Located: Démarrage (désactivé), InterVideo WinCinema Manager (DISABLED)
command: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
file: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
size: 77824
MD5: bf48304999ce4834c66ce07fd534cd26

Located: Démarrage (désactivé), Lancement rapide d'Adobe Reader (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Démarrage (désactivé), Rappels du Calendrier Microsoft Works (DISABLED)
command: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe
file: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe
size: 53317
MD5: 4b3228894d9a22fd458a663684cfd8fe

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: https://get2.adobe.com/reader/otherversions/
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 01:56:50
Date (last access): 14/08/2006 17:14:38
Date (last write): 14/12/2004 01:56:50
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 0.7.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 27/02/2006 20:36:44
Date (last access): 14/08/2006 17:14:38
Date (last write): 14/02/2006 21:06:14
Filesize: 1204224
Attributes: readonly archive
MD5: D91CB7361D7814035F543C7CCAE9DD60
CRC32: 16D568FF
Version: 0.3.0.0

--- ActiveX list ---
Interface Chat Voila (Interface Chat Voila)
DPF name: Interface Chat Voila
CLSID name:

Interface Chat Wanadoo (Interface Chat Wanadoo)
DPF name: Interface Chat Wanadoo
CLSID name:

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

Yahoo! Pool 2 (Yahoo! Pool 2)
DPF name: Yahoo! Pool 2
CLSID name:

{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 15:00:18
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:18
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 0.7.0.1

{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~2.DLL
Date (created): 06/04/2004 19:03:54
Date (last access): 14/08/2006 17:50:54
Date (last write): 06/04/2004 19:03:54
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 0.9.0.2

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 17/05/2006 11:23:38
Date (last access): 14/08/2006 13:17:52
Date (last write): 17/05/2006 11:23:38
Filesize: 579888
Attributes: archive
MD5: 99619B070D9AF903E874C2968FEE1E24
CRC32: 87EA3AB2
Version: 0.1.0.5

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 15:00:22
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 0.7.0.1

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:

{54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class)
DPF name:
CLSID name: EARTPatchX Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EARTPX.dll
Short name:
Date (created): 26/10/2003 15:25:18
Date (last access): 14/08/2006 17:50:54
Date (last write): 26/10/2003 15:25:18
Filesize: 133712
Attributes: archive
MD5: B58365C0A1A1A1E94BFD07FD7CC9314C
CRC32: 9D644047
Version: 0.1.0.0

{62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
DPF name:
CLSID name:

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 03/08/2004 13:59:06
Date (last access): 14/08/2006 13:18:30
Date (last write): 03/08/2004 13:59:06
Filesize: 120288
Attributes: archive
MD5: 0CD6248038C70B4C688DBD315D90A97A
CRC32: 0EF7DE01
Version: 0.5.0.4

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 09/06/2004 17:56:02
Date (last access): 28/07/2006 16:16:00
Date (last write): 09/06/2004 17:56:02
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 0.5.0.70

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 15:00:20
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 0.7.0.1

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/04/2005 12:20:22
Date (last access): 14/08/2006 17:50:54
Date (last write): 11/04/2005 12:20:22
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 0.57.0.6

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class)
DPF name:
CLSID name: BatchDownloader Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: DigWXMSN.dll
Short name:
Date (created): 07/04/2005 17:59:08
Date (last access): 14/08/2006 17:50:54
Date (last write): 07/04/2005 17:59:08
Filesize: 191488
Attributes: archive
MD5: 718167A6B519B31D5643C034776A70AE
CRC32: 363B7B87
Version: 0.10.0.0

{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 06/04/2004 19:03:12
Date (last access): 28/07/2006 16:16:00
Date (last write): 06/04/2004 19:03:12
Filesize: 85032
Attributes: archive
MD5: 65431ACCF09A96C3BE53B7681BFFE44D
CRC32: C8777857
Version: 0.9.0.2

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 13:38:56
Date (last access): 14/08/2006 17:16:08
Date (last write): 27/08/2005 13:38:56
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 0.8.0.0

{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
DPF name:
CLSID name: Solitaire Showdown Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: solitaireshowdown.dll
Short name: SOLITA~1.DLL
Date (created): 29/05/2003 15:00:20
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:20
Filesize: 86112
Attributes: archive
MD5: 6E0E81210B17C225AD8DBB86F0C41E32
CRC32: 1C944476
Version: 0.7.0.1

--- Process list ---
Spybot - Search && Destroy process list report, 14/08/2006 17:58:05

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 272 ( 524) C:\WINDOWS\System32\svchost.exe
PID: 396 ( 4) \SystemRoot\System32\smss.exe
PID: 456 ( 396) csrss.exe
PID: 480 ( 396) \??\C:\WINDOWS\system32\winlogon.exe
PID: 524 ( 480) C:\WINDOWS\system32\services.exe
PID: 536 ( 480) C:\WINDOWS\system32\lsass.exe
PID: 684 ( 524) C:\WINDOWS\system32\svchost.exe
PID: 740 ( 524) svchost.exe
PID: 780 ( 524) C:\WINDOWS\System32\svchost.exe
PID: 832 ( 524) svchost.exe
PID: 1000 ( 524) svchost.exe
PID: 1076 (1248) C:\WINDOWS\Logi_MwX.Exe
PID: 1108 (1248) C:\Program Files\Logitech\iTouch\iTouch.exe
PID: 1164 ( 780) C:\WINDOWS\system32\wscntfy.exe
PID: 1248 (1196) C:\WINDOWS\Explorer.EXE
PID: 1260 (1248) C:\Program Files\Messenger Plus! 3\MsgPlus.exe
PID: 1276 (1248) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PID: 1396 (1248) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
PID: 1440 (1248) C:\Program Files\iTunes\iTunesHelper.exe
PID: 1632 ( 524) C:\WINDOWS\system32\spoolsv.exe
PID: 1728 ( 524) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
PID: 1740 ( 524) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
PID: 1800 ( 524) C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
PID: 1828 ( 524) C:\WINDOWS\System32\nvsvc32.exe
PID: 1840 ( 524) C:\WINDOWS\system32\HPZipm12.exe
PID: 1888 ( 524) C:\WINDOWS\System32\svchost.exe
PID: 1972 ( 524) wdfmgr.exe
PID: 1980 (1248) C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe
PID: 2032 ( 524) alg.exe
PID: 2220 ( 524) C:\Program Files\iPodmini\bin\iPodService.exe
PID: 2316 (1248) C:\Program Files\Spamihilator\spamihilator.exe
PID: 2336 (1248) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 2356 (1248) C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
PID: 2372 (1248) C:\Program Files\3M\PSNLite\PsnLite.exe
PID: 2432 (2372) C:\PROGRA~1\3M\PSNLite\PSNGive.exe
PID: 2660 (1248) C:\Program Files\Xfire\Xfire.exe
PID: 2688 (1248) C:\Program Files\Internet Explorer\iexplore.exe
PID: 3072 ( 684) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PID: 3484 (1248) C:\Program Files\iTunes\iTunes.exe
PID: 3492 (1248) C:\Program Files\MSN Messenger\msnmsgr.exe
PID: 3576 (1248) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 14/08/2006 17:58:05

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchURL
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.orange.fr/portail
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.msn.com/fr-fr/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: Xfire_LSP MSAFD Tcpip [TCP/IP]
GUID: {56559461-2306-4AA6-A44F-972DD0806CB6}
Filename: xfire_lsp_9028.dll

Protocol 1: Xfire_LSP MSAFD Tcpip [UDP/IP]
GUID: {09B88101-02D0-4DEE-A688-4681101F26F2}
Filename: xfire_lsp_9028.dll

Protocol 2: Xfire_LSP MSAFD Tcpip [RAW/IP]
GUID: {5BCD7D46-3E32-454D-AA70-B850B680AB20}
Filename: xfire_lsp_9028.dll

Protocol 3: Xfire_LSP RSVP UDP Service Provider
GUID: {FCE21FA4-C3D9-4B8A-AF41-A484BAD47637}
Filename: xfire_lsp_9028.dll

Protocol 4: Xfire_LSP RSVP TCP Service Provider
GUID: {DA1A8136-BE14-4A16-8E7B-4FAAEF2C9D91}
Filename: xfire_lsp_9028.dll

Protocol 5: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 7: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 8: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22159C2F-A2BE-4CD9-9DCD-449FAF495FFB}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1454DC-38DD-43E2-B81C-3D01678AFDEB}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7B0A45C-27E4-42C3-B88B-963F54EF36BD}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5D6808A-CE99-401B-986A-3ED2D6FAC347}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5D6808A-CE99-401B-986A-3ED2D6FAC347}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAF15909-EF3F-48B7-AD12-CCE134B8E1C2}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAF15909-EF3F-48B7-AD12-CCE134B8E1C2}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: Xfire_LSP
GUID: {C6C30084-C640-4416-A427-19DD8FCF98B2}
Filename: xfire_lsp_9028.dll

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

J'ai installé spybot 1.4; il trouve
CoolWWWsearch.SearchToolbar
CoolWWWsearch
HotsearchBar
WindowsActiveDestkop
Voici le rapport de spybot 1.4:

--- Search result list ---
CoolWWWSearch: Dossier Programme (Répertoire, nothing done)
C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\MSFT\

HotsearchBar: Fichier temporaire (Fichier, nothing done)
C:\Documents and Settings\Ben\Local Settings\Temp\nse17.tmp

HotsearchBar: Fichier temporaire (Fichier, nothing done)
C:\Documents and Settings\Ben\Local Settings\Temp\nse18.tmp

HotsearchBar: Fichier temporaire (Fichier, nothing done)
C:\Documents and Settings\Ben\Local Settings\Temp\nsb5A.tmp

HotsearchBar: Fichier temporaire (Fichier, nothing done)
C:\Documents and Settings\Ben\Local Settings\Temp\nsr5B.tmp

Windows.ActiveDesktop: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

CoolWWWSearch.SearchToolbar: Réglages (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1659004503-842925246-682003330-1003\Software\SearchToolbar

CoolWWWSearch.SearchToolbar: Barre d'outils IE (Clé du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-08-14 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-11 Includes\Cookies.sbi (*)
2006-08-11 Includes\Dialer.sbi (*)
2006-08-11 Includes\Hijackers.sbi (*)
2006-08-11 Includes\Keyloggers.sbi (*)
2006-08-11 Includes\Malware.sbi (*)
2006-08-11 Includes\PUPS.sbi (*)
2006-08-11 Includes\Revision.sbi (*)
2006-08-11 Includes\Security.sbi (*)
2006-08-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-08-11 Includes\Trojans.sbi (*)

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

--- Startup entries list ---
Located: HK_LM:Run, !ewido
command: "C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe" /minimized
file: C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\ewido.exe
size: 6283264
MD5: 10c40f37ac87a18f624143d4fe6e8dec

Located: HK_LM:Run, avgnt
command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
size: 233512
MD5: d05a80b5a605f8b8fb0915d1a4905471

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: ac116f16a7716a720a45d7ea47cfd983

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8778072a594e1310c0b7d0a93771e8bd

Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
file: C:\WINDOWS\Logi_MwX.Exe
size: 19968
MD5: e57163001c8a279ab6b1a06b5834a463

Located: HK_LM:Run, LogitechGalleryRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 188416
MD5: 3257a2a9e9943de93ee5438cb2e77359

Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 188416
MD5: 3257a2a9e9943de93ee5438cb2e77359

Located: HK_LM:Run, LogitechVideoTray
command: C:\Program Files\Logitech\Video\LogiTray.exe
file: C:\Program Files\Logitech\Video\LogiTray.exe
size: 65536
MD5: 66fa2cc087dfa905c22a7f83ff59c7dc

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
size: 190024
MD5: b787d9a60fee9c3732c2e2d4571bb716

Located: HK_LM:Run, MSO
command:
file:

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, zBrowser Launcher
command: C:\Program Files\Logitech\iTouch\iTouch.exe
file: C:\Program Files\Logitech\iTouch\iTouch.exe
size: 631362
MD5: 535defd797d14dbc6edc4d746dc23d41

Located: HK_CU:Run, LogitechSoftwareUpdate
command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
file: C:\Program Files\Logitech\Video\ManifestEngine.exe
size: 196608
MD5: c1913a21cb3a7bf314641acf0a8f81c9

Located: HK_CU:Run, Skype
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 19543592
MD5: bb6d574b1913e9e1c1d1bc1e69dae29b

Located: HK_CU:Run, Spamihilator
command: "C:\Program Files\Spamihilator\spamihilator.exe"
file: C:\Program Files\Spamihilator\spamihilator.exe
size: 595968
MD5: 63c6e86d93bbb627875cb5dffe7f0ae1

Located: HK_CU:Run, Steam
command:
file:

Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 282624
MD5: 5597d0075861cb0a6e6087752d205c0d

Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 169472
MD5: 91291ca1490f952d977618544d540b87

Located: Démarrage (tous utilisateurs), NETGEAR WPN111 Smart Wizard.lnk
command: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
file: C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
size: 491606
MD5: 38a54162f6ef4bcc7b71b66bee3ab24a

Located: Démarrage (tous utilisateurs), Post-it® Software Notes Lite.lnk
command: C:\Program Files\3M\PSNLite\PsnLite.exe
file: C:\Program Files\3M\PSNLite\PsnLite.exe
size: 2080768
MD5: 49ad529f6ca9b4b847180e8f1af48e89

Located: Démarrage (utilisateur), Xfire.lnk
command: C:\Program Files\Xfire\Xfire.exe
file: C:\Program Files\Xfire\Xfire.exe
size: 4423760
MD5: 7de14201671067e570b96a7beb0b4928

Located: Démarrage (désactivé), InterVideo WinCinema Manager (DISABLED)
command: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
file: C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
size: 77824
MD5: bf48304999ce4834c66ce07fd534cd26

Located: Démarrage (désactivé), Lancement rapide d'Adobe Reader (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Démarrage (désactivé), Rappels du Calendrier Microsoft Works (DISABLED)
command: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe
file: C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe
size: 53317
MD5: 4b3228894d9a22fd458a663684cfd8fe

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: https://get2.adobe.com/reader/otherversions/
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 01:56:50
Date (last access): 14/08/2006 18:15:58
Date (last write): 14/12/2004 01:56:50
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 14/08/2006 18:11:58
Date (last access): 14/08/2006 18:11:58
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://www.google.com/intl/fr/toolbar/ie/index.html
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 27/02/2006 20:36:44
Date (last access): 14/08/2006 18:15:58
Date (last write): 14/02/2006 21:06:14
Filesize: 1204224
Attributes: readonly archive
MD5: D91CB7361D7814035F543C7CCAE9DD60
CRC32: 16D568FF
Version: 3.0.131.0

--- ActiveX list ---
Interface Chat Voila (Interface Chat Voila)
DPF name: Interface Chat Voila
CLSID name:
Installer:
Codebase: http://chat9.x-echo.com/version6/Applet/vchatsign.cab

Interface Chat Wanadoo (Interface Chat Wanadoo)
DPF name: Interface Chat Wanadoo
CLSID name:
Installer:
Codebase: http://chat4.x-echo.com/version6/Applet/wchatsign.cab

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

Yahoo! Pool 2 (Yahoo! Pool 2)
DPF name: Yahoo! Pool 2
CLSID name:
Installer:
Codebase: http://download.games.yahoo.com/games/clients/y/pote_x.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
description:
classification: Legitimate
known filename: msgrchkr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 29/05/2003 15:00:18
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:18
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 7.1.9502.1

{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~2.DLL
Date (created): 06/04/2004 19:03:54
Date (last access): 14/08/2006 17:50:54
Date (last write): 06/04/2004 19:03:54
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 9.2.7513.1

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 17/05/2006 11:23:38
Date (last access): 14/08/2006 17:58:06
Date (last write): 17/05/2006 11:23:38
Filesize: 579888
Attributes: archive
MD5: 99619B070D9AF903E874C2968FEE1E24
CRC32: 87EA3AB2
Version: 1.5.530.0

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 15:00:22
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922...
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class)
DPF name:
CLSID name: EARTPatchX Class
Installer: C:\WINDOWS\Downloaded Program Files\EARTPX.inf
Codebase: http://www.ea.com/downloads/rtpatch/EARTPX.cab
description:
classification: Open for discussion
known filename: EARTPX.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EARTPX.dll
Short name:
Date (created): 26/10/2003 15:25:18
Date (last access): 14/08/2006 17:50:54
Date (last write): 26/10/2003 15:25:18
Filesize: 133712
Attributes: archive
MD5: B58365C0A1A1A1E94BFD07FD7CC9314C
CRC32: 9D644047
Version: 1.0.0.3

{62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
DPF name:
CLSID name:
Installer:
Codebase: http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/fr/win...
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_s...
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 03/08/2004 13:59:06
Date (last access): 14/08/2006 17:58:06
Date (last write): 03/08/2004 13:59:06
Filesize: 120288
Attributes: archive
MD5: 0CD6248038C70B4C688DBD315D90A97A
CRC32: 0EF7DE01
Version: 5.4.3790.2182

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer: C:\WINDOWS\Downloaded Program Files\xscan.inf
Codebase: https://www.trendmicro.com/en_us/forHome/products/housecall.html
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 09/06/2004 17:56:02
Date (last access): 14/08/2006 17:58:06
Date (last write): 09/06/2004 17:56:02
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 5.70.0.1086

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 15:00:20
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/04/2005 12:20:22
Date (last access): 14/08/2006 17:50:54
Date (last write): 11/04/2005 12:20:22
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 57.6.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.5723842593
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class)
DPF name:
CLSID name: BatchDownloader Class
Installer: C:\WINDOWS\Downloaded Program Files\DigWXMSN.inf
Codebase: http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: DigWXMSN.dll
Short name:
Date (created): 07/04/2005 17:59:08
Date (last access): 14/08/2006 17:50:54
Date (last write): 07/04/2005 17:59:08
Filesize: 191488
Attributes: archive
MD5: 718167A6B519B31D5643C034776A70AE
CRC32: 363B7B87
Version: 10.0.910.0

{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 06/04/2004 19:03:12
Date (last access): 14/08/2006 17:58:06
Date (last write): 06/04/2004 19:03:12
Filesize: 85032
Attributes: archive
MD5: 65431ACCF09A96C3BE53B7681BFFE44D
CRC32: C8777857
Version: 9.2.7513.1

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 13:38:56
Date (last access): 14/08/2006 17:16:08
Date (last write): 27/08/2005 13:38:56
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0

{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
DPF name:
CLSID name: Solitaire Showdown Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
description:
classification: Legitimate
known filename: solitaireshowdown.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: solitaireshowdown.dll
Short name: SOLITA~1.DLL
Date (created): 29/05/2003 15:00:20
Date (last access): 14/08/2006 17:50:54
Date (last write): 29/05/2003 15:00:20
Filesize: 86112
Attributes: archive
MD5: 6E0E81210B17C225AD8DBB86F0C41E32
CRC32: 1C944476
Version: 7.1.9502.1

--- Process list ---
PID: 0 ( 0) [System]
PID: 388 ( 4) \SystemRoot\System32\smss.exe
PID: 452 ( 388) \??\C:\WINDOWS\system32\csrss.exe
PID: 848 ( 388) \??\C:\WINDOWS\system32\winlogon.exe
PID: 892 ( 848) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 63DCDE1A0D86EEB8924D6738FF616EAD
PID: 904 ( 848) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 259AF82A0932EEA4F316F92DB94707B6
PID: 1060 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1116 ( 892) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1260 ( 892) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1312 ( 892) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1452 ( 892) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1760 ( 892) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DF9FC62AD51CB082B0AE371919A232CB
PID: 1856 ( 892) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
size: 34344
MD5: 756696E86515155A2DB03E1CD7C4EBD0
PID: 1868 ( 892) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
size: 192040
MD5: BEE96D31BE5BB8F5E2F7AEB6984D308D
PID: 1924 ( 892) C:\Documents and Settings\Ben\Bureau\Virus\ewido anti-spyware 4.0\guard.exe
size: 172032
MD5: F8D982556A9E0795829632FF0812DC2D
PID: 1968 ( 892) C:\WINDOWS\System32\nvsvc32.exe
size: 110659
MD5: 8FB3996085D399475BACE196CA981A0A
PID: 1996 ( 892) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: 9D84376931440F3679BEEF2A414FA493
PID: 200 ( 892) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 224 ( 892) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1248 ( 720) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 2A7BD330924252A2FD80344FC949BB72
PID: 1656 (1248) C:\WINDOWS\Logi_MwX.Exe
size: 19968
MD5: E57163001C8A279AB6B1A06B5834A463
PID: 1684 (1248) C:\Program Files\Logitech\iTouch\iTouch.exe
size: 631362
MD5: 535DEFD797D14DBC6EDC4D746DC23D41
PID: 1488 (1248) C:\Program Files\Messenger Plus! 3\MsgPlus.exe
size: 190024
MD5: B787D9A60FEE9C3732C2E2D4571BB716
PID: 168 (1248) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 25
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Ah super, tu as du t eclater lol

----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

Ensuite desinstalles spybot et installe la version récente:

Spybot S&D 1.4 (tu as la 1.3)
https://www.safer-networking.org/

Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

Scan ton pc avec, copie/colle le rapport.

A+
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses